Last Saturday, I learnt something. (Not that this is an unusual
occurrence, of course.) I was trying to upgrade my Ubuntu box to
“edgy eft”, and was having trouble downloading packages. It
turned out that my ADSL had gone down. And up. And down. sigh So,
after a few reboot cycles of the modem and my firewall, I was back up
again.

The upgrade completed without too much pain (nice one, Debian and
Ubuntu), so I turned my attention to some web site work I needed to
do. Only could get through to my web server. Or mail server. Great, I
thought, I just get my ‘net connection back up and my hosting service
goes down. Good excuse to watch the Grand Final, if nothing else. :)

Several hours later, football over for another year and my servers
still not accessible, I thought I’d better look into it a bit more
closely. My hosting service provides ssh access to the Xen console of
my machines, so I tried that. And it worked. And what I saw was many
kernel messages about packets from a “bogon” IP address being blocked.
And the IP in question resolved to an iinet.net.au (my ADSL provider)
domain name. Hmm.

After a bit of investigation, it turned out that with the outage in
the morning, my ADSL IP had changed from a 203.214.. network to
124.168... And this netblock has until relatively recently been
“reserved” by IANA. As it happens, Shorewall keeps a static
list of “bogon” (i.e not normally seen on the public Internet) IP
addresses in a configuration file, and this list included the rather
sweeping netblock of 96.0.0.0/3, which results in everything from 96/8
up to 126/8 being blocked. But at the start of this year, IANA
released the class As from 121/8 to 126/8 to APNIC, who gave them
mostly to large Australian ISPs as far as I can tell, and evidently
some those (like iiNet) are starting to roll them out to customers.

Anyway, a quick poke around with Google turned up this updated bogons
file, so I installed that and restarted my firewall, and
everything was fine again. It all goes to show, nothing is simple in
the world of internetworking.